Skip to main content

Telechat Review of draft-ietf-dime-erp-16

Request Review of draft-ietf-dime-erp
Requested revision No specific revision (document currently at 17)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2013-01-22
Requested 2013-01-10
Authors Julien Bournelle , Lionel Morand , Sebastien Decugis , Qin Wu , Glen Zorn
I-D last updated 2013-01-25
Completed reviews Genart Last Call review of -12 by Elwyn B. Davies (diff)
Genart Telechat review of -16 by Elwyn B. Davies (diff)
Secdir Last Call review of -14 by Vincent Roca (diff)
Secdir Telechat review of -16 by Vincent Roca (diff)
Assignment Reviewer Vincent Roca
State Completed
Request Telechat review on draft-ietf-dime-erp by Security Area Directorate Assigned
Reviewed revision 16 (document currently at 17)
Result Has issues
Completed 2013-01-25

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.


Since the security section has not really been updated since version 14, the comments I made at
that time are still valid. Basically:

The security section of this document only refers to the security section of 4 related documents.
This is all the more annoying as draft-ietf-dime-erp introduces new mechanisms (and potentially
new threats and issues). What should I understand? Is the proposal guaranteed to be secure, have
all the potential weaknesses been already addressed in the 4 related documents? I can not
conclude after reading the security section.

One more point. In introduction, the authors say:
"  Security considerations for this key distribution are detailed in Salowey, et al. [RFC5295]."
This reference is not mentioned in the Security Section!